I'm running Debian Testing on amd64, with the apt-listbugs feature that tells me if bugs are present before upgrading.
Now the package libgnutls-deb0-28 has a serious bug to the effect that "CUPS crashes when reading TLS". Because of this, I've refrained from many upgrades and installs that I would like, for example GNOME 3.12.
Question is, should I really care? When does CUPS need TLS? Is it needed when printing over a network, something I never do?
I found the following article on the web just today:
https://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html
Here is an excerpt from that document:
"It used to be believed that TLS v1.0 was marginally more secure than SSL v3.0, its predecessor. However, SSL v3.0 is getting very old and recent developments, such as the POODLE vulnerability have shown that SSL v3.0 is now completely insecure (especially for web sites using it). Even before the POODLE was set loose, the US Government had already mandated that SSL v3 not be used for sensitive government communications or for HIPAA-compliant communications. If that was not enough … POODLE certainly was. In fact, as a result of POODLE, SSL v3 is being disabled on web sites all over the world and for many other services as well.
SSL v3.0 is effectively “dead” as a useful security protocol. Places that still allow its use for web hosting as placing their “secure web sites” at risk; Organizations that allow SSL v3 use to persist for other protocols (e.g. IMAP) should take steps to remove that support at the soonest software update maintenance window.
Subsequent versions of TLS — v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0. For example, the BEAST attack that can completely break web sites running on older SSL v3.0 and TLS v1.0 protocols. The newer TLS versions, if properly configured, prevent the BEAST and other attack vectors and provide many stronger ciphers and encryption methods."
